India crowned global spam-spewing zombie king AGAIN

Ha ha, do keep up, China


India has cemented its position as the world's biggest fire hose of spam email, according to new figures.

Hacked computers in the republic working on behalf of crooks spewed more than one in ten of the globe's spam mails in the last quarter, reported web security firm Sophos.

India is home to 5.3 per cent of the world’s internet users, but it plays an oversized role in the global junk mail epidemic. Apparently, lax security leaves the country's PCs prone to viruses, which press-gang machines into remote-controlled zombie armies to do the bidding of criminals - such as flooding inboxes with dodgy advertising spam.

Asian countries disgorged 49.7 per cent of the world's junk email last quarter, compared with 8.6 per cent of spam fired off from North America, according to the stats from Sophos. The security biz also pegged China in eighth place this time around; it's believed the huge authoritarian state's Great Firewall, and the fact that citizens need a licence to run an email server in the nation, play a part in limiting .cn-sourced spam.

Greater availability of internet access in Asia is continuing to fuel the increase in spam from that continent. Only a year ago the US topped Sophos's Dirty Dozen list of spam-relaying countries, but these figures have been turned on their head: India has topped the list of shame for the past two quarters.

The actual content of spam messages has remained largely unchanged, and the identities of the gangs responsible for commanding zombie botnets remain unknown.

"The spam itself, of course, doesn't have to promote Indian goods," commented Graham Cluley, senior technology consultant at Sophos. "Chances are that most of the spammers who are relaying their messages through compromised Indian computers are not based in the country at all - and just taking advantage of zombie computers that have been unwittingly recruited into a botnet." ®

Top 12 spam-relaying countries for April to June 2012, according to Sophos

  1. India: 11.4 per cent
  2. Italy: 7.0 per cent
  3. S Korea: 6.7 per cent
  4. USA: 6.2 per cent
  5. Vietnam: 5.8 per cent
  6. Brazil: 4.4 per cent
  7. Pakistan: 3.7 per cent
  8. China: 3.2 per cent
  9. France: 3.1 per cent
  10. Russia: 2.9 per cent
  11. Poland: 2.7 per cent
  12. Taiwan: 2.6 per cent
